Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

CRS354 VLANs 100% cpu load

Post Reply
 
DeepB
just joined
Topic Author
Posts: 12
Joined: Wed Jun 22, 2022 10:45 am

CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 3:47 pm

Hello,

I have multiple CRS354 switches. I added VLANs in RouterOS. Now the switch has 100%cpu load and a high package loss.

I believe I used this to set up the VLANs: https://help.mikrotik.com/docs/display/ ... NFiltering

I used (my comment after ##)
Code: Select all
/interface bridge port
set bridge=bridge1 interface=ether1 pvid=20 frame-types=admit-only-untagged-and-priority-tagged number=0 ##for all ports that are assigned a fixed vlan.
set bridge=bridge1 interface=ether2 pvid=20 frame-types=admit-only-untagged-and-priority-tagged number=1

/interface bridge vlan
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether47,ether48 vlan-ids=12 ## for all the vlans and the ports I want to have tagged traffic over. 


/interface vlan
add interface=bridge1 vlan-id=1 name=default
add interface=bridge1 vlan-id=12 name=WIFI-public
I then activated "VLAN Filtering" in Bridge in WinBox.
I have only one bridge, it is called bridge1.

Is this the wrong approach? It seems RouterOS uses the CPU for routing instead of the routing-chip?

Thanks
Daniel
Top
 
biomesh
Long time Member
Long time Member
Posts: 574
Joined: Fri Feb 10, 2012 8:25 pm

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 3:57 pm

Did you enable l3hw offloading? This is primarily a switch and while there are some layer 3 routing features offloaded to the switch chip, the CPU is not going to be able to handle much routing outside of the functionality in the l3hw offloading specs.

https://help.mikrotik.com/docs/display/ ... Offloading

You should also post your full config so others can see if there are any other issues present.
Top
 
DeepB
just joined
Topic Author
Posts: 12
Joined: Wed Jun 22, 2022 10:45 am

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 4:11 pm

my config:
Code: Select all

export hide-sensitive
# jan/02/1970 19:45:50 by RouterOS 7.3.1
# software id = 7GPA-Q0WH
#
# model = CRS354-48G-4S+2Q+
# serial number = XXXXXXX
/interface bridge
add admin-mac=DC:2C:6E:B3:AB:FB auto-mac=no comment=defconf ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=OFFLINE vlan-id=99
add interface=bridge1 name=PV vlan-id=90
add interface=bridge1 name=VOIP vlan-id=20
add interface=bridge1 name=WIFI-internal vlan-id=13
add interface=bridge1 name=WIFI-mixed vlan-id=14
add interface=bridge1 name=WIFI-public vlan-id=12
add interface=bridge1 name=default vlan-id=1
add interface=bridge1 name=management vlan-id=100
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether1
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether9
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether10
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether11
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether12
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether13
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether14
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether15
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether16
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether17
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether18
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether19
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether20
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether21
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether22
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether23
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether24
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether25
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether26
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether27
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether28
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether29
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether30
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether31
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether32
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether33
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether34
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether35
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether36
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether37
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether38
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether39
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether40
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether41
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether42
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether43
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether44
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether45
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether46
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether47
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether48
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus1-1
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus1-2
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus1-3
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus1-4
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus2-1
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus2-2
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus2-3
add bridge=bridge1 comment=defconf ingress-filtering=no interface=qsfpplus2-4
add bridge=bridge1 comment=defconf ingress-filtering=no interface=sfp-sfpplus1
add bridge=bridge1 comment=defconf ingress-filtering=no interface=sfp-sfpplus2
add bridge=bridge1 comment=defconf ingress-filtering=no interface=sfp-sfpplus3
add bridge=bridge1 comment=defconf frame-types=admit-only-vlan-tagged ingress-filtering=no interface=sfp-sfpplus4
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether46,ether47,ether48,ether49 vlan-ids=12
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether45,ether46,ether47,ether48 vlan-ids=13
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether47,ether48,ether45,ether46 vlan-ids=14
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether47,ether48,ether45,ether46 vlan-ids=20
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether47,ether48,ether45,ether46 vlan-ids=90
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether47,ether48,ether45,ether46 vlan-ids=99
add bridge=bridge1 tagged=qsfpplus1-1,qsfpplus1-2,qsfpplus1-3,qsfpplus1-4,qsfpplus2-1,qsfpplus2-2,qsfpplus2-3,qsfpplus2-4,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether47,ether48,ether45,ether46 vlan-ids=100
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=ether24 list=LAN
add interface=ether25 list=LAN
add interface=ether26 list=LAN
add interface=ether27 list=LAN
add interface=ether28 list=LAN
add interface=ether29 list=LAN
add interface=ether30 list=LAN
add interface=ether31 list=LAN
add interface=ether32 list=LAN
add interface=ether33 list=LAN
add interface=ether34 list=LAN
add interface=ether35 list=LAN
add interface=ether36 list=LAN
add interface=ether37 list=LAN
add interface=ether38 list=LAN
add interface=ether39 list=LAN
add interface=ether40 list=LAN
add interface=ether41 list=LAN
add interface=ether42 list=LAN
add interface=ether43 list=LAN
add interface=ether44 list=LAN
add interface=ether45 list=LAN
add interface=ether46 list=LAN
add interface=ether47 list=LAN
add interface=ether48 list=LAN
add interface=ether49 list=LAN
add interface=qsfpplus1-1 list=LAN
add interface=qsfpplus1-2 list=LAN
add interface=qsfpplus1-3 list=LAN
add interface=qsfpplus1-4 list=LAN
add interface=qsfpplus2-1 list=LAN
add interface=qsfpplus2-2 list=LAN
add interface=qsfpplus2-3 list=LAN
add interface=qsfpplus2-4 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.42.43/24 comment=defconf interface=ether2 network=192.168.42.0
/ip dns
set servers=8.8.8.8
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.42.58
/system identity
set name="MikroTik 1"
/system routerboard settings
set boot-os=router-os
Top
 
DeepB
just joined
Topic Author
Posts: 12
Joined: Wed Jun 22, 2022 10:45 am

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 4:12 pm

Did you enable l3hw offloading? This is primarily a switch and while there are some layer 3 routing features offloaded to the switch chip, the CPU is not going to be able to handle much routing outside of the functionality in the l3hw offloading specs.
As far as i am aware simple VLAN should be L2 only and run exclusively on the switch chip?

EDIT: current profile:
33% bridging
15% management
100% total
43% unclassified
0% routing
7,5% networking
Top
 
biomesh
Long time Member
Long time Member
Posts: 574
Joined: Fri Feb 10, 2012 8:25 pm

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 4:24 pm

- you don't need vlan interfaces on a switch unless you are going to implement l3hw offloading (and perform routing) or want to assign an ip address for management to one of the vlans going through/to the switch (this vlan would be assigned to the bridge)
- your ip address is assigned to ether2 and not the bridge/vlan interface on the bridge for management
- most of your ether ports don't have a vlan assigned unless you plan on just using vlan 1 untagged, which would be the default

I would look through

https://wiki.mikrotik.com/wiki/Manual:C ... s_switches

and double check your config. It looks like you missed some steps and added those vlan interfaces unnecessarily unless your goal was l3hw offloading.
Top
 
DeepB
just joined
Topic Author
Posts: 12
Joined: Wed Jun 22, 2022 10:45 am

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 4:48 pm

how do i correct that best? is it enough if I delete the bridge? are the coresponding vlans deleted to? or do I need to totaly factory reset the switch?

thanks
Daniel
Top
 
biomesh
Long time Member
Long time Member
Posts: 574
Joined: Fri Feb 10, 2012 8:25 pm

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 5:12 pm

I would not start over - here is a sample config for reference:
Code: Select all
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge1 priority=0x2000 \
    pvid=75 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=9080 mtu=9000
set [ find default-name=ether2 ] l2mtu=9080 mtu=9000
set [ find default-name=ether3 ] l2mtu=9080 mtu=9000
set [ find default-name=ether4 ] l2mtu=9080 mtu=\
    9000
set [ find default-name=ether5 ] l2mtu=9080 mtu=\
    9000
set [ find default-name=ether6 ] l2mtu=9080 mtu=9000
set [ find default-name=ether7 ] l2mtu=9080 mtu=9000
set [ find default-name=ether8 ] l2mtu=9080 mtu=9000
set [ find default-name=ether9 ] l2mtu=9080 mtu=\
    9000
set [ find default-name=ether10 ] l2mtu=9080 mtu=9000
set [ find default-name=ether11 ] l2mtu=9080 mtu=9000
set [ find default-name=ether12 ] l2mtu=9080 mtu=9000
set [ find default-name=ether13 ] l2mtu=9080 mtu=9000
set [ find default-name=ether14 ] l2mtu=9080 \
    mtu=9000
set [ find default-name=ether15 ] l2mtu=9080 mtu=9000
set [ find default-name=ether16 ] l2mtu=9080 mtu=9000
set [ find default-name=ether17 ] l2mtu=9080 mtu=9000
set [ find default-name=ether18 ] l2mtu=9080 mtu=9000
set [ find default-name=ether19 ] l2mtu=9080 mtu=9000
set [ find default-name=ether20 ] l2mtu=9080 mtu=9000
set [ find default-name=ether21 ] l2mtu=9080 mtu=9000
set [ find default-name=ether22 ] l2mtu=9080 mtu=9000
set [ find default-name=ether23 ] l2mtu=9080 mtu=9000
set [ find default-name=ether24 ] l2mtu=9080 mtu=9000
set [ find default-name=sfp-sfpplus1 ] l2mtu=9080 mtu=9000
set [ find default-name=sfp-sfpplus2 ] l2mtu=9080 mtu=9000
/interface vlan
add interface=bridge1 mtu=9000 name=vlan75 vlan-id=75
/interface bridge port
add bridge=bridge1 interface=ether1 internal-path-cost=4 path-cost=4
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 internal-path-cost=4 path-cost=4 pvid=500
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether5 \
    internal-path-cost=4 path-cost=4 pvid=100
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether6 \
    internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether7 internal-path-cost=4 path-cost=4 pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether8 internal-path-cost=4 path-cost=4 pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether9 internal-path-cost=4 path-cost=4 pvid=500
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether10 \
    internal-path-cost=4 path-cost=4 pvid=400
add bridge=bridge1 interface=ether11 internal-path-cost=4 path-cost=4 pvid=\
    400
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether12 internal-path-cost=4 path-cost=4 pvid=500
add bridge=bridge1 interface=ether13 internal-path-cost=4 path-cost=4 pvid=70
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether14 internal-path-cost=4 path-cost=4 pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether15 internal-path-cost=4 path-cost=4 pvid=500
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether16 internal-path-cost=4 path-cost=4 pvid=100
add bridge=bridge1 interface=ether17 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether18 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether19 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether20 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether21 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether22 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether23 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether24 internal-path-cost=4 path-cost=4 pvid=75
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1 \
    internal-path-cost=2 path-cost=2
add bridge=bridge1 interface=sfp-sfpplus2 internal-path-cost=2 path-cost=2
add bridge=bridge1 interface=ether2 internal-path-cost=4 path-cost=4
add bridge=bridge1 interface=ether3 internal-path-cost=4 path-cost=4
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether13 vlan-ids=70
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 untagged=ether24 vlan-ids=75
add bridge=bridge1 tagged=sfp-sfpplus1,ether5,ether6 untagged=\
    ether8,ether7,ether16,ether14 vlan-ids=100
add bridge=bridge1 tagged=sfp-sfpplus1,ether10 untagged=ether11 vlan-ids=400
add bridge=bridge1 tagged=sfp-sfpplus1,ether6,ether13 untagged=\
    ether9,ether12,ether4,ether15 vlan-ids=500
/ip address
add address=192.168.75.3/24 interface=vlan75 network=192.168.75.0
/ip dns
set servers=192.168.75.1
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.75.1
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/system routerboard settings
set boot-os=router-os
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3135
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 5:34 pm

please avoid using MGMT eth interface

if you wat to use L3 HW offload check this

https://help.mikrotik.com/docs/display/ ... onExamples
Top
 
DeepB
just joined
Topic Author
Posts: 12
Joined: Wed Jun 22, 2022 10:45 am

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 7:19 pm

I do NOT want to use L3 anything.

I did a factory reset. (System --> Reset configuration). After reboot I changed the admin password. I did not do anything else at all.

CPU: 100%

No VLANs no nothing. That cant be normal, right?
Top
 
kreload
just joined
Posts: 20
Joined: Tue Sep 15, 2020 10:18 am

Re: CRS354 VLANs 100% cpu load

Tue Jun 28, 2022 7:53 pm

You are using CPU for all VLANS. Usually you need the CPU only for management vlans.

Change this:

/interface vlan
add interface=bridge1 name=OFFLINE vlan-id=99
add interface=bridge1 name=PV vlan-id=90
add interface=bridge1 name=VOIP vlan-id=20
add interface=bridge1 name=WIFI-internal vlan-id=13
add interface=bridge1 name=WIFI-mixed vlan-id=14
add interface=bridge1 name=WIFI-public vlan-id=12
add interface=bridge1 name=default vlan-id=1
add interface=bridge1 name=management vlan-id=100

to :

/interface vlan
add interface=bridge1 name=management vlan-id=100
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 24 guests
  4. RouterOS
  5. Beginner Basics